diff --git a/mitmproxy/platform/osx.py b/mitmproxy/platform/osx.py index 40a742e99..f9de1fbf3 100644 --- a/mitmproxy/platform/osx.py +++ b/mitmproxy/platform/osx.py @@ -1,7 +1,6 @@ import subprocess from . import pf -import re """ Doing this the "right" way by using DIOCNATLOOK on the pf device turns out @@ -16,7 +15,6 @@ import re """ STATECMD = ("sudo", "-n", "/sbin/pfctl", "-s", "state") -ipv4_mapped = re.compile("^::ffff:\d+.\d+.\d+.\d+$") def original_addr(csock): @@ -35,6 +33,4 @@ def original_addr(csock): raise RuntimeError( "Insufficient privileges to access pfctl. " "See http://docs.mitmproxy.org/en/latest/transparent/osx.html for details.") - if ipv4_mapped.match(peer[0]): - return pf.lookup(peer[0].replace("::ffff:", ""), peer[1], stxt) return pf.lookup(peer[0], peer[1], stxt) diff --git a/mitmproxy/platform/pf.py b/mitmproxy/platform/pf.py index c0397d789..bb5eb5152 100644 --- a/mitmproxy/platform/pf.py +++ b/mitmproxy/platform/pf.py @@ -1,3 +1,4 @@ +import re import sys @@ -8,6 +9,9 @@ def lookup(address, port, s): Returns an (address, port) tuple, or None. """ + # We may get an ipv4-mapped ipv6 address here, e.g. ::ffff:127.0.0.1. + # Those still appear as "127.0.0.1" in the table, so we need to strip the prefix. + address = re.sub("^::ffff:(?=\d+.\d+.\d+.\d+$)", "", address) s = s.decode() spec = "%s:%s" % (address, port) for i in s.split("\n"): diff --git a/test/mitmproxy/platform/test_pf.py b/test/mitmproxy/platform/test_pf.py index 3292d3456..b048a6970 100644 --- a/test/mitmproxy/platform/test_pf.py +++ b/test/mitmproxy/platform/test_pf.py @@ -15,6 +15,7 @@ class TestLookup: d = f.read() assert pf.lookup("192.168.1.111", 40000, d) == ("5.5.5.5", 80) + assert pf.lookup("::ffff:192.168.1.111", 40000, d) == ("5.5.5.5", 80) with pytest.raises(Exception, match="Could not resolve original destination"): pf.lookup("192.168.1.112", 40000, d) with pytest.raises(Exception, match="Could not resolve original destination"):